The recent events in the United States are scary to consider, on more than one level. One of the most dangerous is giving the Department of Government Efficiency (DOGE) workers so much access to data! Though we have some idea of what DOGE can access, we don’t really understand the full extent. And probably neither do they, which can be dangerous in its own way.
When we collectively started to go digital and mobile, our data came along. We all generate mass quantities of data about ourselves and others every day. Even worse, in most scenarios, we don’t even realize how much data we’re giving up control to or who is gaining access. Nor do we fully know what will happen to all that data.
Based on my experiences working in information and data governance, the little “g” governance is sometimes missing in big “G” Government. Basically, this means not enough controls or guard rails exist in systems controlling information and data. I’m willing to bet that the US government is similar to a lot of places I’ve worked. They probably didn’t put in enough controls and guardrails on their information systems when they were first created. After all, when the workplace started to go digitally, nobody was thinking this far ahead. Or perhaps not imaging this particular scenario could happen.
For example, an organization should put controls around highly sensitive and personal employee data. This would include information about an employee’s marital status, health issues, personal address and phone number, etc. Controls are a way to protect data and the people behind it. One control may be to restrict access to authorized personnel. Another could be to anonymize data when used in aggregate. Deleting data once it is no longer needed is a control often overlooked. However, it protects both former employees from and the company by limiting and minimizing damage if there is a cybersecurity incident.
With all this technology and advances, one might think implementing these controls is easy. After all, can’t AI do this for us? The short answer is “no.” Often the controls are missing because they weren’t considered part of the information system. It’s usually only after a disaster happens that people start to think about these things. By that time, it’s often expensive, or sometimes not possible, to implement controls. Now we’ll all be learning a valuable lesson about governing the Governed.
1 comment for “Governing the Governed”